Posted to dev@directory.apache.org by Stefan Zoerner <st...@labeo.de> on 2009/03/08 17:55:20 UTC

[ApacheDS] Strange problem with LDAP clients connecting from remote (Can't connect to the LDAP server - Unknown error)

Hi all,

I have a strange problem with the current 1.5.5 trunk. If I build it and 
create noarch installers, I am able to deploy it and start the server 
with default server.xml. But it is not possible to connect from 
computers other than the one the server is started from (localhost).

I noticed the problem with a client within a VMWare image, which was not 
able to connect to ApacheDS on the host system. First I thought it has 
something to do with VMWare, but the problem persists, if I simply try 
to connect from remote. The client gets a "Can't connect to the LDAP 
server - Unknown error". It has nothing to do with firewalls, and it is 
not specific to an OS (can reproduce on Windows and a Solaris 10 box).

Problem is client independent (I tried Studio and ldapsearch).

With Wireshark, I see little traffic (two frames), but connection gets 
established.

Any ideas?
Thanks in advance,
      Stefan



Re: [ApacheDS] Strange problem with LDAP clients connecting from remote (Can't connect to the LDAP server - Unknown error)

Posted by Stefan Seelmann <se...@apache.org>.
Stefan Zoerner wrote:
> Hi all,
> 
> I have a strange problem with the current 1.5.5 trunk. If I build it and
> create noarch installers, I am able to deploy it and start the server
> with default server.xml. But it is not possible to connect from
> computers other than the one the server is started from (localhost).
> 
> I noticed the problem with a client within a VMWare image, which was not
> able to connect to ApacheDS on the host system. First I thought it has
> something to do with VMWare, but the problem persists, if I simply try
> to connect from remote. The client gets a "Can't connect to the LDAP
> server - Unknown error". It has nothing to do with firewalls, and it is
> not specific to an OS (can reproduce on Windows and a Solaris 10 box).
> 
> Problem is client independent (I tried Studio and ldapsearch).
> 
> With Wireshark, I see little traffic (two frames), but connection gets
> established.
> 
> Any ideas?

Not an idea, but an investigation: With netstat on Ubuntu I see that the
service is only bound to localhost:

$ netstat --tcp -a -n | grep 10389
tcp6       0      0 127.0.0.1:10389         :::*        LISTEN
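
Added example, not part of the original message or of ApacheDS: a Python check that classifies `netstat` LISTEN lines by bind scope, so a loopback-only listener like the one shown above is identified directly from the output. The function names are hypothetical, and the sample input is the line from this post plus constructed lines.

```python
import ipaddress

# Sample input: the first line is the one quoted in the post above;
# the remaining lines are constructed for illustration.
SAMPLE_NETSTAT = """\
tcp6       0      0 127.0.0.1:10389         :::*        LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*   LISTEN
tcp6       0      0 :::10636                :::*        LISTEN
tcp        0      0 192.168.9.31:8080       0.0.0.0:*   LISTEN
tcp        0      0 192.168.9.31:8080       192.168.9.33:57109 ESTABLISHED
"""

def bind_scope(local):
    """Classify a netstat local address ('host:port') by who can reach it."""
    host, _, port = local.rpartition(":")   # last colon separates the port
    host = host.strip("[]")                 # tolerate the [::]:port notation
    if host in ("*", ""):
        return int(port), "all-interfaces"
    ip = ipaddress.ip_address(host)
    # An IPv6 socket may show an IPv4-mapped address; judge the IPv4 part.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.is_unspecified:                   # 0.0.0.0 or ::
        return int(port), "all-interfaces"
    if ip.is_loopback:                      # 127.0.0.0/8 or ::1
        return int(port), "loopback-only"
    return int(port), "single-address"

def listeners(netstat_output):
    """Map each listening TCP port to the set of bind scopes seen for it."""
    result = {}
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        if fields[5] != "LISTEN":           # skip established connections
            continue
        port, scope = bind_scope(fields[3])
        result.setdefault(port, set()).add(scope)
    return result

def unreachable_from_remote(netstat_output, port):
    """True if the port is listening, but only on a loopback address."""
    return listeners(netstat_output).get(port, set()) == {"loopback-only"}

if __name__ == "__main__":
    for port, scopes in sorted(listeners(SAMPLE_NETSTAT).items()):
        print(port, ", ".join(sorted(scopes)))
```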

Re: [ApacheDS] Strange problem with LDAP clients connecting from remote (Can't connect to the LDAP server - Unknown error)

Posted by Emmanuel Lecharny <el...@apache.org>.
Stefan Zoerner wrote:
> Hi Emmanuel,
>
> Thanks for handling this! Thanks to StefanS as well ...
>
> Emmanuel Lecharny wrote:
>> Seems like you just have a preliminary TCP ack, and that's it. I have 
>> to test it, it seems that MINA 2.0 behaves differently than MINA 1.0. 
>> By default, when setting the Acceptor without any parameter, it uses 
>> the localHost. Not what you want, probably.
>>
>> You can change the address in the TcpTransport configuration for the 
>> LdapService :
>>
>>    <tcpTransport>
>>      <tcpTransport address="<your server address>" port="10389" 
>> nbThreads="8" backLog="50"/>
>>    </tcpTransport>
>>
>> Can you give it a try ?
>
> It works fine with adding my IP address. It would be nice if it can be 
> changed to behave like before. Adding the IP address in the config is a 
> burden for many new users.
>
> JIRA?
JIRA, definitively.

-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org



Re: [ApacheDS] Strange problem with LDAP clients connecting from remote (Can't connect to the LDAP server - Unknown error)

Posted by Stefan Zoerner <st...@labeo.de>.
Hi Emmanuel,

Thanks for handling this! Thanks to StefanS as well ...

Emmanuel Lecharny wrote:
> Seems like you just have a preliminary TCP ack, and that's it. I have to 
> test it, it seems that MINA 2.0 behaves differently than MINA 1.0. By 
> default, when setting the Acceptor without any parameter, it uses the 
> localHost. Not what you want, probably.
> 
> You can change the address in the TcpTransport configuration for the 
> LdapService :
> 
>    <tcpTransport>
>      <tcpTransport address="<your server address>" port="10389" 
> nbThreads="8" backLog="50"/>
>    </tcpTransport>
> 
> Can you give it a try ?

It works fine with adding my IP address. It would be nice if it can be 
changed to behave like before. Adding the IP address in the config is a 
burden for many new users.

JIRA?

Greetings from Hamburg,
     Stefan


Re: [ApacheDS] Strange problem with LDAP clients connecting from remote (Can't connect to the LDAP server - Unknown error)

Posted by Emmanuel Lecharny <el...@apache.org>.
Stefan Zoerner wrote:
> Emmanuel Lecharny wrote:
>> Can you provide those frames, plus the server logs ?
>
> Here are the frames:
>
>
>
> Frame 1 (74 bytes on wire, 74 bytes captured)
> Ethernet II, Src: Intel_42:f1:b4 (00:03:47:42:f1:b4), Dst: 
> Sony_29:8a:28 (00:13:a9:29:8a:28)
> Internet Protocol, Src: 192.168.9.33 (192.168.9.33), Dst: 192.168.9.31 
> (192.168.9.31)
> Transmission Control Protocol, Src Port: 57109 (57109), Dst Port: 
> 10389 (10389), Seq: 0, Len: 0
>
>
> Frame 2 (54 bytes on wire, 54 bytes captured)
> Ethernet II, Src: Sony_29:8a:28 (00:13:a9:29:8a:28), Dst: 
> Intel_42:f1:b4 (00:03:47:42:f1:b4)
> Internet Protocol, Src: 192.168.9.31 (192.168.9.31), Dst: 192.168.9.33 
> (192.168.9.33)
> Transmission Control Protocol, Src Port: 10389 (10389), Dst Port: 
> 57109 (57109), Seq: 0, Ack: 1, Len: 0
>
>
> 192.168.9.31 runs the ApacheDS on 10389. 192.168.9.33 is the remote 
> client.
>
> I have attached the WireShark protocol as well (I am a little bit 
> uncertain, which format you need).
>
> The server logs are basically empty.
> Greetings from Hamburg,
>     Stefan

Seems like you just have a preliminary TCP ack, and that's it. I have to 
test it, it seems that MINA 2.0 behaves differently than MINA 1.0. By 
default, when setting the Acceptor without any parameter, it uses the 
localHost. Not what you want, probably.

You can change the address in the TcpTransport configuration for the 
LdapService :

    <tcpTransport>
      <tcpTransport address="<your server address>" port="10389" nbThreads="8" backLog="50"/>
    </tcpTransport>

Can you give it a try ?

-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org



Re: [ApacheDS] Strange problem with LDAP clients connecting from remote (Can't connect to the LDAP server - Unknown error)

Posted by Stefan Zoerner <st...@labeo.de>.
Emmanuel Lecharny wrote:
> Can you provide those frames, plus the server logs ?

Here are the frames:



Frame 1 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: Intel_42:f1:b4 (00:03:47:42:f1:b4), Dst: Sony_29:8a:28 
(00:13:a9:29:8a:28)
Internet Protocol, Src: 192.168.9.33 (192.168.9.33), Dst: 192.168.9.31 
(192.168.9.31)
Transmission Control Protocol, Src Port: 57109 (57109), Dst Port: 10389 
(10389), Seq: 0, Len: 0


Frame 2 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Sony_29:8a:28 (00:13:a9:29:8a:28), Dst: Intel_42:f1:b4 
(00:03:47:42:f1:b4)
Internet Protocol, Src: 192.168.9.31 (192.168.9.31), Dst: 192.168.9.33 
(192.168.9.33)
Transmission Control Protocol, Src Port: 10389 (10389), Dst Port: 57109 
(57109), Seq: 0, Ack: 1, Len: 0


192.168.9.31 runs the ApacheDS on 10389. 192.168.9.33 is the remote client.

I have attached the WireShark protocol as well (I am a little bit 
uncertain, which format you need).

The server logs are basically empty.
Greetings from Hamburg,
     Stefan

Re: [ApacheDS] Strange problem with LDAP clients connecting from remote (Can't connect to the LDAP server - Unknown error)

Posted by Emmanuel Lecharny <el...@apache.org>.
Stefan Zoerner wrote:
> Hi all,
>
> I have a strange problem with the current 1.5.5 trunk. If I build it 
> and create noarch installers, I am able to deploy it and start the 
> server with default server.xml. But it is not possible to connect from 
> computers other than the one the server is started from (localhost).
>
> I noticed the problem with a client within a VMWare image, which was 
> not able to connect to ApacheDS on the host system. First I thought it 
> has something to do with VMWare, but the problem persists, if I simply 
> try to connect from remote. The client gets a "Can't connect to the 
> LDAP server - Unknown error". It has nothing to do with firewalls, and 
> it is not specific to an OS (can reproduce on Windows and a Solaris 10 
> box).
>
> Problem is client independent (I tried Studio and ldapsearch).
>
> With Wireshark, I see little traffic (two frames), but connection gets 
> established.
Can you provide those frames, plus the server logs ?

-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org